Share via


System.DirectoryServices.ActiveDirectory Scenarios

The System.DirectoryServices.ActiveDirectory namespace is designed to simplify the development of applications and utilities that perform common tasks related to Active Directory Domain Services. This namespace is a high-level API that encapsulates a significant amount of knowledge about the structure of Active Directory Domain Services, Active Directory Domain Services-based networks and common Active Directory Domain Services operations such as replication and trust management. System.DirectoryServices.ActiveDirectory includes objects that represent common Active Directory Domain Services elements such as forests, domain controllers, schema classes, schema properties, and replication schedules.

In many cases, tasks can be performed with no additional access to Active Directory Domain Services beyond that provided by the System.DirectoryServices.ActiveDirectory namespace. However, for some advanced tasks, it may be necessary to access attributes of an object that are not implemented in the System.DirectoryServices.ActiveDirectory namespace. To do this, an application can use the GetDirectoryEntry method that is implemented by many System.DirectoryServices.ActiveDirectory objects. With that method, an application can retrieve the DirectoryEntry for the object. The application can then inspect or update the DirectoryEntry using the methods provided by that class and other related classes in System.DirectoryServices. In this way, even applications that need advanced Active Directory Domain Services capabilities can take advantage of the many object-specific methods in System.DirectoryServices.ActiveDirectory that can be used to locate a particular directory object, or enumerate through a series of directory objects of a certain type with minimal developer knowledge of Active Directory Domain Services schema internals and fewer lines of program code. System.DirectoryServices.ActiveDirectory classes which implement the GetDirectoryEntry method include:

Another System.DirectoryServices object that can be very useful is the System.DirectoryServices.DirectorySearcher object, which performs searches of a sub-tree of Active Directory Domain Services. Once the application has obtained a DirectoryEntry object, it can create a DirectorySearcher object that will search the Active Directory Domain Services sub-tree that has the root DirectoryEntry. An application can also obtain a System.DirectoryServices.DirectorySearcher object directly from a DomainController or GlobalCatalog object using the GetDirectorySearcher method of either object.

Schema Management Scenario

An application can use classes within the System.DirectoryServices.ActiveDirectory namespace to query and update the schema without detailed knowledge of the structure of the schema.

The ActiveDirectorySchema class includes methods that enumerate classes, such as FindAllClasses and FindAllDefunctClasses. An application can identify schema classes of interest by inspecting the properties of each ActiveDirectorySchemaClass object located by the enumeration method. At that point, the application can produce a report on the class or update one or more properties of the selected ActiveDirectorySchemaClass object. The application could also use that object's MandatoryProperties or OptionalProperties collection to access the set of ActiveDirectorySchemaProperty objects containing detailed information about the schema properties for that class, such as whether it is present or defunct in the global catalog.

Similarly, if an application needs to identify schema properties with certain characteristics, it could begin by calling the FindAllProperties method of the ActiveDirectorySchema class to enumerate the properties. Then it could inspect the properties of each ActiveDirectorySchemaProperty object that is returned, and modify or report on details of that object, as required.

Topology Management Scenario

An application can use classes in the System.DirectoryServices.ActiveDirectory namespace to inspect and modify the topology of an Active Directory Domain Services installation.

An application can view or update information in Active Directory Domain Services objects such as Forest, Domain, ActiveDirectorySite and ActiveDirectorySubnet. It can also explore relationships among objects in either of two ways:

  • Using methods and properties of those objects that return one or more objects of a different type. For example, to list all of the domains in all sites, an application could enumerate over the ActiveDirectorySiteCollection. The application could retrieve the Domains collection for each ActiveDirectorySite in the ActiveDirectorySiteCollection, and then produce a report listing for each site, the names of all of the domains it contains.
  • Accessing other objects that represent relationships between the Active Directory Domain Services objects named above. For example, the Sites property of the ActiveDirectorySiteLink object retrieves a collection of all sites contained in that ActiveDirectorySiteLink object. Similarly, the SiteLinks property of the ActiveDirectorySiteLinkBridge object retries a collection of all ActiveDirectorySiteLink objects associated with that ActiveDirectorySiteLinkBridge.

Forest or Domain Trust Management Scenario

An application can access a collection of all the trusts defined for a Domain or Forest object. In either case, the application can use the GetAllTrusts method of either object to return a TrustRelationshipInformationCollection object. The application can then iterate through that collection to display or update the TrustRelationshipInformation objects it contains. The System.DirectoryServices.ActiveDirectory namespace also defines additional objects such as TrustDirection and TrustType,which offer enumerated values that represent valid trust directions and trust types, respectively.

Replication Monitoring Scenario

Another common application for the System.DirectoryServices.ActiveDirectory namespace is monitoring Active Directory Domain Services replication.

System.DirectoryServices.ActiveDirectory implements a number of classes that contain replication status information such as: ReplicationConnection, ReplicationCursor, ReplicationFailure, ReplicationOperation and ReplicationOperationInformation.

For example, to report on replication status for all partitions that are defined on a particular domain controller, an application could examine the ReplicationCursor objects that are associated with each partition. The application could locate the DomainController of interest using the FindOne method of the DomainController object. It could then reference the Partitions collection property of the DomainController, and enumerate all partitions on that domain controller. The application can obtain the collection of all ReplicationCursor objects for that partition by using the GetReplicationCursors method, and enumerate over that collection of ReplicationCursor objects, displaying the values of properties such as SourceServer, SourceInvocationId and LastSuccessfulSyncTime.

See Also

Concepts

System.DirectoryServices.ActiveDirectory Namespace Overview
System.DirectoryServices.ActiveDirectory Architecture

Send comments about this topic to Microsoft.

Copyright © 2008 by Microsoft Corporation. All rights reserved.